Deleting spurious *.spec.bak files
This commit is contained in:
parent
0768015046
commit
797e123b92
@ -1,921 +0,0 @@
|
||||
# $Id: e-smith-packetfilter.spec,v 1.15 2021/11/16 03:18:06 jpp Exp $
|
||||
|
||||
Summary: smeserver server and gateway - packetfilter add-on
|
||||
%define name smeserver-packetfilter
|
||||
Name: %{name}
|
||||
%define version 11.0.0
|
||||
%define release 3
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
Group: Networking/Daemons
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
BuildArchitectures: noarch
|
||||
Requires: smeserver-base >= 5.8.0-49
|
||||
Requires: ulogd >= 2
|
||||
Requires: daemontools
|
||||
Requires: iptables
|
||||
BuildRequires: smeserver-devtools
|
||||
Obsoletes: e-smith-ipmasq
|
||||
AutoReqProv: no
|
||||
Requires(pre): /usr/sbin/useradd
|
||||
|
||||
Provides: e-smith-packetfilter
|
||||
%description
|
||||
smeserver server and gateway software - packetfilter add-on
|
||||
|
||||
%changelog
|
||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-3.sme
|
||||
- Set license file to GPL2.0 [SME: 12577]
|
||||
|
||||
* Sat Mar 23 2024 Brian Read <brianr@koozali.org>11.0.0-2.sme
|
||||
- Change Requires: e-smith- to Requires:smeserver-
|
||||
|
||||
* Sat Mar 23 2024 Brian Read <brianr@koozali.org>11.0.0-1.sme
|
||||
- Update Release and Version to base version and 1st release for SME11 [SME: 12518]
|
||||
|
||||
* Mon Mar 11 2024 rename-e-smith-pkg.sh by Trevor Batley <trevor@batley.id.au> 2.6.0-10.sme
|
||||
- Rename to smeserver-packetfilter [SME: 12359]
|
||||
|
||||
* Wed Jul 12 2023 cvs2git.sh aka Brian Read <brianr@koozali.org> 2.6.0-9.sme
|
||||
- Roll up patches and move to git repo [SME: 12338]
|
||||
|
||||
* Wed Jul 12 2023 BogusDateBot
|
||||
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||
by assuming the date is correct and changing the weekday.
|
||||
Mon Apr 21 2001 --> Mon Apr 16 2001 or Sat Apr 21 2001 or Mon Apr 23 2001 or ....
|
||||
Fri Nov 23 2006 --> Fri Nov 17 2006 or Thu Nov 23 2006 or Fri Nov 24 2006 or ....
|
||||
Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or ....
|
||||
|
||||
* Mon Nov 15 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-8.sme
|
||||
- restrict VPN networks to their interface [SME: 11640]
|
||||
remove remoteVPNSubnet property added VPNif property
|
||||
|
||||
* Wed Apr 07 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-7.sme
|
||||
- fix dropin file not expanded on initial installation [SME: 11528]
|
||||
- fix noise on logrotate, doing a restart instead of reload [SME: 11451]
|
||||
|
||||
* Thu Mar 04 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-6.sme
|
||||
- move ulogd to systemd [SME: 11426]
|
||||
- require ulogd 2 [SME: 11426]
|
||||
|
||||
* Wed Mar 03 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-5.sme
|
||||
- remove pptpd last references [SME: 11420]
|
||||
|
||||
* Fri Feb 12 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-4.sme
|
||||
- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958]
|
||||
|
||||
* Fri Dec 11 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme
|
||||
- drop pptpd support [SME: 11251]
|
||||
|
||||
* Tue Nov 10 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-2.sme
|
||||
- launch masq using systemd unit [SME: 11089]
|
||||
- create event to avoid reboot on update [SME: 11122]
|
||||
|
||||
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.6.0-1.sme
|
||||
- Initial release to sme10
|
||||
|
||||
* Thu Feb 28 2013 Ian Wells <esmith@wellsi.com> 2.4.0-3.sme
|
||||
- Prevent multiple instances of the masq script running,
|
||||
patch by Charlie Brady [SME: 7415]
|
||||
|
||||
* Tue Feb 19 2013 Daniel Berteaud <daniel@firewall-services.com> 2.4.0-2.sme
|
||||
- Use extrapositioned negation (Credits to John Crisp) [SME: 7262]
|
||||
|
||||
* Wed Feb 6 2013 Shad L. Lords <slords@mail.com> 2.4.0-1.sme
|
||||
- Roll new stream for sme9
|
||||
|
||||
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 2.2.0-1.sme
|
||||
- Roll new stream to separate sme7/sme8 trees [SME: 4633]
|
||||
|
||||
* Fri May 18 2007 Shad L. Lords <slords@mail.com> 1.18.0-6
|
||||
- Use correct lib for modules
|
||||
|
||||
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
|
||||
- Clean up spec so package can be built by koji/plague
|
||||
|
||||
* Fri Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
|
||||
- Fix masq error in server only mode (cannot open UDPPort) [SME: 2812]
|
||||
|
||||
* Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.18.0-4
|
||||
- Fix perms for ulogd.conf file [SME: 2722]
|
||||
|
||||
* Mon Mar 19 2007 Shad L. Lords <slords@mail.com> 1.18.0-3
|
||||
- Update ulogd.conf to new format [SME: 2744]
|
||||
|
||||
* Fri Feb 09 2007 Shad L. Lords <slords@mail.com> 1.18.0-2
|
||||
- Fix sorting for Ports properties [SME: 56]
|
||||
|
||||
* Fri Jan 26 2007 Shad L. Lords <slords@mail.com> 1.18.0-1
|
||||
- Roll stable stream. [SME: 2328]
|
||||
|
||||
* Thu Jan 18 2007 Shad L. Lords <slords@mail.com> 1.17.0-7
|
||||
- Move last masq fragments from e-smith-base.
|
||||
|
||||
* Wed Jan 17 2007 Shad L. Lords <slords@mail.com> 1.17.0-6
|
||||
- Use both {TCP,UDP}Port and {TCP,UDP}Ports for masq template [SME: 56]
|
||||
|
||||
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
|
||||
- Update to new release naming. No functional changes.
|
||||
- Make Packager generic
|
||||
|
||||
* Thu Nov 23 2006 Gordon Rowell <gordonr@gormand.com.au> 1.17.0-04
|
||||
Fri Nov 23 2006 --> Fri Nov 17 2006 or Thu Nov 23 2006 or Fri Nov 24 2006 or ....
|
||||
- Remove TCPMinimizeDelay default for ssh [SME: 2083]
|
||||
|
||||
* Mon Aug 28 2006 Charlie Brady <charlie_brady@mitel.com> 1.17.0-03
|
||||
- Ensure that $OUTERNET is an IP address. [SME: 1815]
|
||||
|
||||
* Sun Aug 13 2006 Charlie Brady <charlie_brady@mitel.com> 1.17.0-02
|
||||
- Merge in masq fragments from e-smith-base.
|
||||
|
||||
* Sun Aug 13 2006 Charlie Brady <charlie_brady@mitel.com> 1.17.0-01
|
||||
- Roll new development stream.
|
||||
|
||||
* Wed Jul 26 2006 Gordon Rowell <gordonr@gormand.com.au> 1.16.0-05
|
||||
- Remove redundant auto-generated service-specific denylog rules from
|
||||
90InboundTCP10filter_{tcp,udp} [SME: 1776]
|
||||
|
||||
* Tue Jul 18 2006 Charlie Brady <charlie_brady@mitel.com> 1.16.0-04
|
||||
- Bundle fragments from e-smith-ipmasq and obsolete that RPM. [SME: 1002]
|
||||
|
||||
* Tue Jun 20 2006 Filippo Carletti <carletti@mobilia.it> 1.16.0-03
|
||||
- No longer drop UDP packets in serveronly mode [SME: 1002]
|
||||
|
||||
* Thu Apr 6 2006 Gavin Weight <gweight@gmail.com> 1.2.0-02
|
||||
- Make ident TCP reject configurable, based on oidentd status.
|
||||
If oidentd{status} is enabled, allow ident, otherwise REJECT it [SME: 85]
|
||||
|
||||
* Wed Mar 15 2006 Charlie Brady <charlie_brady@mitel.com> 1.2.0-01
|
||||
- Roll stable stream version. [SME: 1016]
|
||||
|
||||
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 1.15.1-12
|
||||
- Bump release number only
|
||||
|
||||
* Wed Sep 21 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-11]
|
||||
- Remove force/masq/status fragment, and fix "masq adjust" so
|
||||
that it is harmless if firewall is disabled. This leaves unsolved
|
||||
the problem of whether to toggle disabled->enabled during upgrades.
|
||||
[SF: 1261356]
|
||||
|
||||
* Wed Sep 7 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-10]
|
||||
- Fix location of force/status fragment for masq service. [SF: 1261356]
|
||||
|
||||
* Tue Aug 30 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-09]
|
||||
- Add force/status fragment for masq service, to force enabled.
|
||||
This ensures that firewall is running after a system upgrade,
|
||||
to avoid various panel failure modes. Solution to be reviewed
|
||||
for alternatives later. [SF: 1261356]
|
||||
|
||||
* Fri Aug 26 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-08]
|
||||
- Remove filtering of outbound ICMP - it's blocking legitimate ICMP
|
||||
redirects. [MN00093544]
|
||||
|
||||
* Tue Aug 2 2005 Shad Lords <slords@email.com>
|
||||
- [1.15.1-07]
|
||||
- Add default $masq{Stealth} db entry
|
||||
|
||||
* Tue Aug 2 2005 Gordon Rowell <gordonr@gormand.com.au>
|
||||
- [1.15.1-06]
|
||||
- Rejct IDENT with a TCP reset [SF: 1240659]
|
||||
- Add support for UDPPort (c.f. TCPPort) property to allow
|
||||
filtered UDP [SF: 1241398]
|
||||
- Add support for DenyHosts property (see 1.15.0-02 for AllowHosts)
|
||||
[SF: 1241398]
|
||||
|
||||
* Mon Jul 18 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-05]
|
||||
- Tidy up path reference to networks db. [SF: 1216546]
|
||||
|
||||
* Tue Jun 7 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-04]
|
||||
- Fix ulogd logging to stdout not being captured by multilog.
|
||||
|
||||
* Mon May 2 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-03]
|
||||
- Add requires headers for ulogd and daemontools.
|
||||
|
||||
* Sun May 1 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-02]
|
||||
- Switch to logging via ulogd and multilog.
|
||||
|
||||
* Sun May 1 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.1-01]
|
||||
- Roll new development stream - 1.15.1
|
||||
|
||||
* Wed Mar 30 2005 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.0-15]
|
||||
- Set $OUTERNET to equal $LocalIP in masq script in serveronly mode,
|
||||
so that masq script (if enabled) does not block allowed public access.
|
||||
- Remove various 45Allow* fragments as TCPPort properties of services
|
||||
will allow access if public access is enabled.
|
||||
|
||||
* Fri Nov 12 2004 Tony Clayton <apc@e-smith.com>
|
||||
- [1.15.0-14]
|
||||
- More cleanup for iptables-trace [tonyc]
|
||||
|
||||
* Fri Nov 12 2004 Tony Clayton <apc@e-smith.com>
|
||||
- [1.15.0-13]
|
||||
- update to latest iptables-trace [tonyc] :
|
||||
- add logging for default chain policy fallback
|
||||
- fix stop() bug causing _any_ rules with --log-prefix to be removed
|
||||
|
||||
* Fri Apr 30 2004 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-12]
|
||||
- Made TOS settings configurable, with just ssh set by default.
|
||||
[msoulier dpar-28993]
|
||||
|
||||
* Wed Feb 25 2004 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-11]
|
||||
- Tightened rules for remote vpn subnets. [msoulier dpar-21836]
|
||||
|
||||
* Wed Jan 28 2004 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-10]
|
||||
- Fixed iptables-trace "stop" removing rules from the denylog chain.
|
||||
[msoulier 10955]
|
||||
|
||||
* Wed Jan 28 2004 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-09]
|
||||
- Added a toggle of the trace option during adjust, so adjusts work with trace
|
||||
enabled. [msoulier 8117]
|
||||
|
||||
* Mon Dec 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-08]
|
||||
- Changed multicast DROP target to denylog, so it toggles. [msoulier 9450]
|
||||
|
||||
* Mon Dec 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-07]
|
||||
- Changed the toggle property name to DenylogTarget. [msoulier 9450]
|
||||
|
||||
* Mon Dec 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-06]
|
||||
- Added firewall-wide toggle for denylog DROP/REJECT. [msoulier 9450]
|
||||
|
||||
* Sat Nov 29 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.15.0-05]
|
||||
- Ensure that masq script expands without error in serveronly mode.
|
||||
[charlieb 10162]
|
||||
|
||||
* Sat Oct 4 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.15.0-04]
|
||||
- Fixed error in masq fragment with stealth enabled. [msoulier 10165]
|
||||
|
||||
* Thu Sep 25 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.15.0-03]
|
||||
- Add masq to 0.0.0.0/0 for public, unrestricted [gordonr 10050]
|
||||
|
||||
* Tue Sep 23 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.15.0-02]
|
||||
- New fragment 90InboundTCP10filter_tcp, a further step towards
|
||||
auto-generation of rules, removing the 45Allow* fragments:
|
||||
|
||||
For all services which have a TCPPort property defined:
|
||||
If the service is 'enabled' and the service is 'public',
|
||||
generate iptables rules as follows:
|
||||
If an AllowHosts property is defined, allow only those hosts
|
||||
Otherwise allow all hosts
|
||||
|
||||
AllowHosts is comma separated, and can contain IPs, IP/mask and CIDR
|
||||
|
||||
This will generate duplicate rules until the 45Allow* fragments
|
||||
are removed, which can happen once the TCPPort property is defined
|
||||
for a service.
|
||||
|
||||
QUERY: Should this be TCPPort (singular) or TCPPorts (plural)?
|
||||
TODO: Create db defaults fragments to deprecate the 45Allow* fragments
|
||||
TODO: Possibly add DenyHosts processing [gordonr 10050]
|
||||
|
||||
* Tue Sep 23 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.15.0-01]
|
||||
- Changing version to development stream number - 1.15.0
|
||||
- Dev stream [gordonr 10050]
|
||||
|
||||
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.14.0-01]
|
||||
- Changing version to stable stream number - 1.14.0
|
||||
|
||||
* Tue Jun 17 2003 Tony Clayton <apc@e-smith.com>
|
||||
- [1.13.0-27]
|
||||
- Again [tonyc 8578]
|
||||
|
||||
* Tue Jun 17 2003 Tony Clayton <apc@e-smith.com>
|
||||
- [1.13.0-26]
|
||||
- Add lo->lo ACCEPT rule back to 90local_chk00Start fragment [tonyc 8578]
|
||||
|
||||
* Mon Jun 16 2003 Tony Clayton <apc@e-smith.com>
|
||||
- [1.13.0-25]
|
||||
- Split 90AllowLocal masq fragment into 90local_chk* [tonyc 8578]
|
||||
|
||||
* Mon Jun 2 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-24]
|
||||
- Explicitely blocking multicast not from a local network.
|
||||
[msoulier 6031]
|
||||
|
||||
* Thu May 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-23]
|
||||
- Added chain creation during adjust. What a thought. [msoulier 7695]
|
||||
|
||||
* Thu May 1 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-22]
|
||||
- Added support for a PPPconn chain to track rules to permit PPTP connections.
|
||||
[msoulier 7695]
|
||||
|
||||
* Fri Apr 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-21]
|
||||
- Refactored the 90adjustUDP template into multiple fragments. [msoulier 8505]
|
||||
|
||||
* Fri Apr 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-20]
|
||||
- Refactored the 90adjustTCP template into multiple fragments. [msoulier 8505]
|
||||
|
||||
* Tue Apr 22 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-19]
|
||||
- Accepting all traffic from the loopback interface. [msoulier 8299]
|
||||
|
||||
* Mon Apr 21 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-18]
|
||||
- Removed acceptance of anything not from the external interface. The local
|
||||
networks list should be sufficient. [msoulier 8299]
|
||||
|
||||
* Mon Apr 21 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-17]
|
||||
- Added handling of local_chk chain in adjustment. [msoulier 8299]
|
||||
|
||||
* Mon Apr 14 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-16]
|
||||
- Flag pptp masq as on by default [gordonr 6694]
|
||||
|
||||
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-15]
|
||||
- Added iptables-trace in /etc/rc.d/init.d. [msoulier 7613]
|
||||
|
||||
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-14]
|
||||
- Added denylog: prefix to denied packet logs [gordonr 6852]
|
||||
|
||||
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-13]
|
||||
- Portforwarding still had problems, fixed here. [msoulier 7284]
|
||||
|
||||
* Tue Mar 25 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-12]
|
||||
- Added ForwardedTCP and ForwardedUDP, as well as supporting code to
|
||||
permit certain ports to be opened for forwarded traffic inbound. Required
|
||||
for portforwarding. [msoulier 7284]
|
||||
|
||||
* Fri Mar 7 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.13.0-11]
|
||||
- Add "use esmith::util" to 01localNetworks fragment. Needed if
|
||||
esmith::templates form of processTemplate is used. [charlieb 5650]
|
||||
|
||||
* Fri Feb 21 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-10]
|
||||
- Remove quotes around 'Name' - not required [gordonr 7343]
|
||||
|
||||
* Fri Feb 21 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-09]
|
||||
- Make use of ExternalInterface definition in 00Definitions [gordonr 7343]
|
||||
- Update dependency on e-smithbase [gordonr 7343]
|
||||
|
||||
* Mon Feb 3 2003 Mark Knox <markk@e-smith.com>
|
||||
- [1.13.0-08]
|
||||
- Open port 443 when either web server is enabled [markk 6428]
|
||||
|
||||
* Fri Jan 24 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.13.0-07]
|
||||
- Fix one last broken here document. [charlieb 6651]
|
||||
|
||||
* Thu Jan 23 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.13.0-06]
|
||||
- Fix a few typos in previous round of masq fragment changes. [charlieb]
|
||||
|
||||
* Thu Jan 23 2003 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.13.0-05]
|
||||
- formatting changes in masq/00Functions template fragment [charlieb]
|
||||
- Use connection tracking on both INPUT and FORWARD tables [charlieb 6651]
|
||||
- Allow any local traffic on INPUT and FORWARD chains. Local traffic
|
||||
is currently defined as all traffic which didn't come in via the
|
||||
external interface. That definition can easily change, as there is
|
||||
a special chain for accepting local traffic. [charlieb 6709]
|
||||
- Remove explicit allow of multicast traffic, as it is a subset of "local"
|
||||
traffic [charlieb 6031, 6709]
|
||||
- Move ICMP type checking into "adjust" part of masq script [charlieb 6709]
|
||||
|
||||
* Sat Jan 18 2003 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.13.0-04]
|
||||
- Permitting multicast traffic to and from the internal interface.
|
||||
[msoulier 6031]
|
||||
|
||||
* Wed Jan 15 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-03]
|
||||
- Put back non-redundant DROP lines, but add a comment as to why
|
||||
they are there [gordonr 6580]
|
||||
|
||||
* Wed Jan 15 2003 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.13.0-02]
|
||||
- Remove redundant DROP lines from denylog chain [gordonr 6580]
|
||||
|
||||
* Thu Jan 9 2003 Mark Knox <markk@e-smith.com>
|
||||
- [1.13.0-01]
|
||||
- Forced version update by co2rpm to 1.13.0
|
||||
|
||||
* Mon Dec 16 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.12.0-01]
|
||||
- Roll to stable version to 1.12.0
|
||||
|
||||
* Fri Nov 29 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.11.0-07]
|
||||
- Added a get_safe_id function, to factor out firewall rule scanning code, and
|
||||
prevent chain name clashes in the extreme case. [msoulier 5696]
|
||||
|
||||
* Thu Nov 28 2002 Michael Soulier <msoulier@e-smith.com>
|
||||
- [1.11.0-06]
|
||||
- Removed specific tcp_in and udp_in chains in favour of the InboundTCP_$$ and
|
||||
InboundUDP__$$ chains. They are far, far easier to manage, especially for
|
||||
the portforwarding blade. [msoulier 5696]
|
||||
|
||||
* Wed Nov 20 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.11.0-05]
|
||||
- Make sure that --numeric is used with any --list command, to avoid
|
||||
reverse lookup delays. [charlieb 5644]
|
||||
|
||||
* Wed Nov 13 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.11.0-04]
|
||||
- Peel off ICMP for checking after packets for ESTABLISHED and RELATED
|
||||
connections are allowed. This allows outbound ping to work. [charlieb 5423]
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.11.0-03]
|
||||
- Apply UDP filtering only on traffic entering via external
|
||||
interface. [charlieb 5644]
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.11.0-02]
|
||||
- Add UDP input filter setup and adjust rules.
|
||||
Re-arrange 00Functions a bit so that perl block is
|
||||
shorter and the rest is in-line [charlieb 5644]
|
||||
- Move adjustEnd to 92, to allow 91 hole for any adjustments
|
||||
needing to be done after input filter rules are adjusted
|
||||
(e.g. port forwarding).
|
||||
|
||||
* Mon Nov 11 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.11.0-01]
|
||||
- rolling development stream to 1.11.0
|
||||
|
||||
* Sat Oct 19 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-08]
|
||||
- Send default packets on the FORWARD filter to denylog, rather than
|
||||
DROP. [charlieb 5246]
|
||||
- Revert 2) from 1.10.0-05 checkin. 5.5 ipchains forwarding rules do not allow
|
||||
IP masqueraded packets. [charlieb 5246]
|
||||
|
||||
* Fri Oct 18 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-07]
|
||||
- Commit new file 42CheckTCPInput which was missed in last checkin.
|
||||
[charlieb 5246]
|
||||
|
||||
* Fri Oct 18 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-06]
|
||||
- Create a new intermediate TCP input chain, and create a new temporary
|
||||
TCP input chain whenever we run "masq adjust". This ensures that
|
||||
new TCP input checking rules occur at the same place during input
|
||||
checking as existing rules, and also means that rules previously created
|
||||
by now-removed packages disappear. [charlieb 4501, 5246]
|
||||
|
||||
* Thu Oct 17 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-05]
|
||||
- Fix to the previous change 1) to restore some commented out rules,
|
||||
and 2) to fix those rules so that they match the 5.5 ipchains
|
||||
version. [charlieb 5246]
|
||||
|
||||
* Thu Oct 17 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-04]
|
||||
- Changes so that local networks can be added/deleted and "masq adjust"
|
||||
will correctly re-adjust the filters. [charlieb 5246]
|
||||
|
||||
* Tue Oct 15 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-03]
|
||||
- Change 00Functions so that "tcp_in" function can create chains as required
|
||||
during "masq adjust", so that new modules can add rules and still avoid
|
||||
"masq restart". [charlieb 4501]
|
||||
|
||||
* Tue Oct 15 2002 Mark Knox <markk@e-smith.com>
|
||||
- [1.10.0-02]
|
||||
- Re-add echo-reply support (doesn't work with conntrack) [markk 5213]
|
||||
|
||||
* Sat Oct 12 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.10.0-01]
|
||||
- Roll to maintained version number to 1.10.0
|
||||
- Remove "perl createlinks" from %build section, since we no longer
|
||||
have a createlinks file.
|
||||
|
||||
* Fri Oct 11 2002 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.9.15-07]
|
||||
- Check the correct configDB entry for public POP [gordonr 5181]
|
||||
|
||||
* Tue Oct 8 2002 Mark Knox <markk@e-smith.com>
|
||||
- [1.9.15-06]
|
||||
- Use denylog target for dropped ICMP packets [markk 5095]
|
||||
- Remove explicit echo-reply support (we use conntrack now) [markk 5095]
|
||||
|
||||
* Mon Oct 7 2002 Mark Knox <markk@e-smith.com>
|
||||
- [1.9.15-05]
|
||||
- Drop ICMP echo-requests on ext i/f when in private s/g mode or if Stealth
|
||||
property is set. General cleanup of ICMP rules. [markk 5095]
|
||||
|
||||
* Wed Sep 11 2002 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.9.15-04]
|
||||
- Added extra slosh in tcp_in as one gets gobbled by template evaluation
|
||||
and we need one in the final output. Reformatted the lines and moved
|
||||
proto/port together on first line of pair for readability [gordonr 4792]
|
||||
|
||||
* Thu Sep 5 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.15-03]
|
||||
- Fix tcp_in function - it doesn't work too well without the jump to the
|
||||
newly defined rule. Change DROP to denylog in the placeholder rule,
|
||||
even though it is short-lived. [charlieb 4792]
|
||||
|
||||
* Mon Sep 2 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.15-02]
|
||||
- Remove createlinks script and network-{create,delete} event directories -
|
||||
the required change was made in e-smith-base, and this shouldn't have
|
||||
been checked in. [charlieb 4501]
|
||||
|
||||
* Wed Aug 28 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.15-01]
|
||||
- Rolling minor version number to work around wrinkle in co2rpm [charlieb 3700]
|
||||
|
||||
* Wed Aug 28 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.14-04]
|
||||
- Remove 45AllowAUTH masq fragment - moved to e-smith-oidentd package.
|
||||
[charlieb 4435]
|
||||
|
||||
* Tue Aug 27 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.14-03]
|
||||
- Fix iptables syntax in AdjustTOS fragment [charlieb 1268]
|
||||
|
||||
* Mon Aug 26 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.14-02]
|
||||
- Fix AllowICMPfromLAN template error [charlieb 1268]
|
||||
|
||||
* Thu Aug 22 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.14-01]
|
||||
- Use full iptables path in status fragment - allows "service masq status" to
|
||||
work. [charlieb 1268]
|
||||
- Fix local networks list [charlieb 1268]
|
||||
|
||||
* Tue Aug 20 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.13-01]
|
||||
- Fix syntax in 30adjustTOS fragment. Move definitions to start of masq
|
||||
script where they can be used in functions. [charlieb 4501]
|
||||
|
||||
* Mon Aug 19 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.12-01]
|
||||
- Add 90adjustDenyLog fragment missed in last commit. [charlieb 4501]
|
||||
|
||||
* Mon Aug 19 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.11-01]
|
||||
- Further re-arrangement to facilitate non-disruptive update of filtering
|
||||
rules. [charlieb 4501]
|
||||
|
||||
* Fri Aug 16 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.10-01]
|
||||
- Remove 98adjust, and split it into 49adjustStart, 50adjustTCP and 51adjustEnd
|
||||
fragments. Migrate network stack tuning stuff to sysctl.conf templates.
|
||||
Add TOS adjustment stuff. [charlieb 4501]
|
||||
|
||||
* Thu Aug 15 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.9-01]
|
||||
- Change masq template fragments to allow non-disruptive modification.
|
||||
Add "masq adjust" verb. [charlieb 4501]
|
||||
|
||||
* Thu Aug 8 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.8-01]
|
||||
- Remove deprecated split in masq template fragment, and add FIXME comment
|
||||
to code which looks to be wrong. [charlieb 1268]
|
||||
|
||||
* Wed Jul 31 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.7-01]
|
||||
- Use iptables state tracking to allow return traffic. Remove special
|
||||
rules set up to allow the return traffic. [charlieb 4499]
|
||||
|
||||
* Tue Jul 23 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.6-01]
|
||||
- Allow local and masqueraded traffic on forward chain. Fix syntax for denylog
|
||||
chain. [charlieb 1268]
|
||||
|
||||
* Thu Jul 18 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.5-01]
|
||||
- Avoid a perl warning from use of ${httpd-e-smith}{status} -
|
||||
change to ${'httpd-e-smith'}{status}. [charlieb 1268]
|
||||
|
||||
* Wed Jul 17 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.4-01]
|
||||
- Change syntax from ipchains (2.2 kernel) to iptables (2.4 kernel).
|
||||
[charlieb 1268]
|
||||
- Add "status" option to list tables.
|
||||
- Miscellaneous syntax cleanups.
|
||||
|
||||
* Tue Jul 2 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.3-01]
|
||||
- Add "modprobe ipchains" to allow firewall to work with 2.4 kernel
|
||||
[charlieb 4223]
|
||||
|
||||
* Fri Jun 21 2002 Mark Knox <markk@e-smith.com>
|
||||
- [1.9.2-01]
|
||||
- Allow ICMP from all "local" networks, not just physical LAN [markk 3698]
|
||||
|
||||
* Fri Jun 21 2002 Mark Knox <markk@e-smith.com>
|
||||
- [1.9.1-01]
|
||||
- Allow ICMP on internal interface [markk 3698]
|
||||
|
||||
* Wed Jun 5 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.9.0-01]
|
||||
- Changing version to maintained stream number to 1.9.0
|
||||
|
||||
* Fri May 31 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.8.0-01]
|
||||
- Changing version to maintained stream number to 1.8.0
|
||||
|
||||
* Thu May 23 2002 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.7.3-01]
|
||||
- RPM rebuild forced by cvsroot2rpm
|
||||
|
||||
* Fri May 10 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.7.2-01]
|
||||
- Remove 45AllowSMTP - moved to e-smith-mailfront. [charlieb 3419]
|
||||
|
||||
* Fri May 10 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.7.1-01]
|
||||
- No change. Test build of CVS conversion.
|
||||
|
||||
* Fri May 10 2002 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.7.0-01]
|
||||
- rollRPM: Rolled version number to 1.7.0-01. Includes patches up to 1.6.0-02.
|
||||
|
||||
* Wed Dec 19 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.6.0-02]
|
||||
- Restore run time lookup of ExternalIP by /etc/rc.d/init.d/masq.
|
||||
- Make sure that OUTERNET is set to a valid IP address, even if
|
||||
ExternalIP is not set in config db, to avoid syntax errors in
|
||||
ipchains command in masq script.
|
||||
|
||||
* Tue Dec 11 2001 Jason Miller <jay@e-smith.com>
|
||||
- [1.6.0-01]
|
||||
- rollRPM: Rolled version number to 1.6.0-01. Includes patches up to 1.5.0-05.
|
||||
|
||||
* Thu Dec 06 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.5.0-05]
|
||||
- Add support for ippp0 as the external interface - if sync ISDN is used.
|
||||
|
||||
* Wed Nov 21 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.5.0-04]
|
||||
- Add $OUT = "" to 01localNetworks so that '1' isn't output
|
||||
into template when 01localNetworks generates no output.
|
||||
|
||||
* Wed Nov 21 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.5.0-03]
|
||||
- Splitting @locals and $primaryLocalNet generation out of
|
||||
40AllowLocals into 01localNetworks.
|
||||
- transproxy fragment from e-smith-proxy needs these variables in
|
||||
35transproxy.
|
||||
|
||||
* Tue Nov 06 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.5.0-02]
|
||||
- Fix variable naming error in setting up @locals array.
|
||||
- Remove forwarding rules from stopmasq section - and remove the 'stop'
|
||||
alias for this case - there is a separate stop section of the script.
|
||||
- Add bidirectional forwarding rules for each local network to our network.
|
||||
This both enables the forwarded traffic, and also prevents masquerading
|
||||
of the local traffic.
|
||||
|
||||
* Mon Nov 5 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.5.0-01]
|
||||
- Rolled version number to 1.5.0-01. Includes patches upto 1.4.0-02.
|
||||
|
||||
* Mon Oct 29 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.4.0-02]
|
||||
- Allow packet forwarding from localnet to localnet in serveronly mode -
|
||||
this is necessary for PPTP VPN termination.
|
||||
|
||||
* Thu Aug 23 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.4.0-01]
|
||||
- Rolled version number to 1.4.0-01. Includes patches upto 1.3.0-08.
|
||||
|
||||
* Fri Aug 17 2001 gordonr
|
||||
- [1.3.0-08]
|
||||
- Autorebuild by rebuildRPM
|
||||
|
||||
* Mon Aug 13 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.3.0-07]
|
||||
- Apply the patch. :)
|
||||
|
||||
* Fri Aug 10 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.3.0-06]
|
||||
- Multicast range is 224.0.0.0 to 239.255.255.255 which
|
||||
is 224.0.0.0/4 not 224.0.0.0/3.
|
||||
224.0.0.0/3 covers 255.255.255.255 which denies DHCP traffic
|
||||
|
||||
* Sat Apr 21 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
Mon Apr 21 2001 --> Mon Apr 16 2001 or Sat Apr 21 2001 or Mon Apr 23 2001 or ....
|
||||
- [1.3.0-05]
|
||||
- Putback Charlie's change to add Stealth property to masq service, defaulting
|
||||
to "no". If set to "yes", external ICMP echo packets are ignored.
|
||||
|
||||
* Sat Apr 07 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.3.0-04]
|
||||
- Forward port patches from 1.2.0-01 to 1.2.0-06
|
||||
|
||||
* Sun Mar 25 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.2.0-06]
|
||||
- Two new properties of masq service - PermitHighUDP and PermitHighTCP.
|
||||
Both default to "yes", but provide an easy way to block unprivileged
|
||||
TCP/UDP or both.
|
||||
|
||||
* Fri Mar 23 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.2.0-05]
|
||||
- Default auth/smtp/http[s] to public for backwards compatability
|
||||
|
||||
* Fri Mar 23 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.2.0-04]
|
||||
- masq service now has an optional property Logging, defaulting to "none"
|
||||
- Only log denied packets if Logging is other than "none" - this stops
|
||||
logging of the SMB chatter on cable and other shared networks
|
||||
- Ignore SMB and RIP packets unless Logging is "all"
|
||||
|
||||
* Thu Mar 22 2001 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.2.0-03]
|
||||
- Check access property for httpd-e-smith/smtpd/identd
|
||||
|
||||
* Wed Mar 7 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.3.0-03]
|
||||
- set rp_filter to 0 for 'all' interface as well.
|
||||
|
||||
* Wed Mar 7 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.3.0-02]
|
||||
- set rp_filter to 0 for 'default' interface, explicitly set
|
||||
it to 1 for eth0, eth1.
|
||||
- ipsec-restart will set eth1 to '0'.
|
||||
|
||||
* Wed Mar 7 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.3.0-01]
|
||||
- branching to development stream.
|
||||
|
||||
* Thu Feb 8 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.2.0-02]
|
||||
- Rolling release number for GPG signing.
|
||||
|
||||
* Thu Jan 25 2001 Peter Samuel <peters@e-smith.com>
|
||||
- [1.2.0-01]
|
||||
- Rolled version number to 1.2.0-01. Includes patches upto 1.1.0-16.
|
||||
|
||||
* Thu Jan 25 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.1.0-16]
|
||||
- removed 35DenyUnrouteable fragment, since it affects
|
||||
us, and anyone else using a provider who masquerades
|
||||
connections.
|
||||
|
||||
* Wed Jan 24 2001 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-15]
|
||||
- Remove AllowFTP fragment - moved to e-smith-proftpd.
|
||||
|
||||
* Thu Jan 18 2001 Adrian Chung <adrianc@e-smith.com>
|
||||
- [1.1.0-14]
|
||||
- adjusted 45AllowFTP to follow value of FTP accessLimits instead
|
||||
of service status.
|
||||
|
||||
* Mon Dec 18 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-13]
|
||||
- Added use esmith::db
|
||||
|
||||
* Mon Dec 18 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-12]
|
||||
- Backed out -11 patch - not required
|
||||
- Reordered fragments
|
||||
|
||||
* Mon Dec 18 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-11]
|
||||
- Added source/destination to icmp rules
|
||||
|
||||
* Fri Dec 15 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-10]
|
||||
- Added protocol option to icmp fragments
|
||||
- Removed masqstart/masqstop
|
||||
- Allowed icmp echo-request and echo-reply
|
||||
|
||||
* Fri Dec 15 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-9]
|
||||
- Rearranged fragments
|
||||
- Split some rules into new chains
|
||||
- Added extra ICMP rules
|
||||
|
||||
* Fri Dec 15 2000 Charlie Brady <charlieb@e-smith.com>
|
||||
- [1.1.0-8]
|
||||
- Move AllowSSH template fragment to e-smith-openssh.
|
||||
- Fix uninitialised value problem in 15Definitions.
|
||||
|
||||
* Tue Dec 12 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-7]
|
||||
- Normalised AUTH template and fixed HTTP[S] templates
|
||||
|
||||
* Tue Dec 12 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-6]
|
||||
- Used hard-quote form of HERE documents to avoid $ expansions
|
||||
|
||||
* Tue Dec 12 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-5]
|
||||
- Normalised structure of 45Allow* fragments
|
||||
- Moved 45AllowIONonPriv to 46AllowIONonPriv
|
||||
|
||||
* Tue Dec 12 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-4]
|
||||
- Fixed service name in templates - imapd -> imap
|
||||
- Changed mode -> access
|
||||
|
||||
* Tue Dec 12 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-3]
|
||||
- Rewrote 15definitions and 45* fragments which checked services entries
|
||||
|
||||
* Tue Dec 05 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-2]
|
||||
- Determine ExternalIP at run time
|
||||
- Modified templates to check services entries
|
||||
- Added COPYING file and GPL Copyright
|
||||
|
||||
* Tue Dec 05 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [1.1.0-1]
|
||||
- Rolled version and tarball including patches to 0.1-4
|
||||
- Used e-smith-devtools
|
||||
|
||||
* Thu Nov 30 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- [0.1-4]
|
||||
- Changes to match change to pppoe service
|
||||
|
||||
* Wed Nov 29 2000 Gordon Rowell <gordonr@e-smith.com>
|
||||
- Handle ppp0 as external interface for PPPoE setups
|
||||
|
||||
* Tue Nov 21 2000 Charlie Brady <charlieb@e-smith.com>
|
||||
- Remove extraneous } in 15definitions
|
||||
|
||||
* Sun Nov 19 2000 Charlie Brady <charlieb@e-smith.com>
|
||||
- initial release
|
||||
|
||||
%prep
|
||||
%setup
|
||||
rm -rf root/var/service/ulogd
|
||||
mkdir -p root/run/ulog
|
||||
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
for file in masq
|
||||
do
|
||||
mkdir -p root/etc/e-smith/templates/etc/rc.d/init.d/$file
|
||||
ln -s /etc/e-smith/templates-default/template-begin-shell \
|
||||
root/etc/e-smith/templates/etc/rc.d/init.d/$file/template-begin
|
||||
done
|
||||
|
||||
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
||||
mkdir -p $RPM_BUILD_ROOT/var/log/iptables
|
||||
mkdir -p $RPM_BUILD_ROOT/service
|
||||
#ln -s /var/service/ulogd $RPM_BUILD_ROOT/service/ulogd
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--dir /var/log/iptables 'attr(0755,ulog,ulog)' \
|
||||
--dir /run/ulog 'attr(2755,ulog,ulog)' \
|
||||
> e-smith-%{version}-filelist
|
||||
echo "%doc COPYING" >> e-smith-%{version}-filelist
|
||||
# --dir /var/service/ulogd 'attr(1755,root,root)' \
|
||||
# --file /var/service/ulogd/run 'attr(0755,root,root)' \
|
||||
# --dir /var/service/ulogd/log 'attr(0755,root,root)' \
|
||||
# --file /var/service/ulogd/log/run 'attr(0755,root,root)' \
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%pre
|
||||
if [ $1 -gt 1 ] ; then
|
||||
if [ -e /var/service/ulogd/run ] ; then
|
||||
/usr/bin/sv d ulogd
|
||||
/usr/bin/sv d ulogd/log
|
||||
fi
|
||||
fi
|
||||
|
||||
/usr/sbin/groupadd \
|
||||
-g 1010 -o ulog 2>/dev/null || :
|
||||
|
||||
/usr/sbin/useradd \
|
||||
-u 1010 -g 1010 -c 'ulogd user' -d /var/log/ulogd \
|
||||
-M -s /bin/false ulog || :
|
||||
|
||||
%files -f e-smith-%{version}-filelist
|
||||
%defattr(-,root,root)
|
Loading…
Reference in New Issue
Block a user